VIEW 21
Why me?
A question asked by many small and medium-sized enterprises (SME) is “Why me?”. What do SMEs have that would be of interest to a cybercriminal and so make them a target? The answer is that you may not have been picked for any particular reason and purely on a random basis. Also, the motivation behind any attack may be moral rather than financial. The two quadrants to the right illustrate this issue.
Targeted or random?
The left-hand quadrant shows the different types of adversaries. The attack may be targeted or completely random (horizontal axis) and casual or persistent (vertical axis). The most dangerous types of attack are Advanced Persistent Threats (APTs) in quadrant two. If an attacker is determined enough and prepared to invest substantial amounts of time and money, they are likely to succeed in the end. This type of adversary is typically state sponsored, looking to steal sensitive defence secrets or disrupt critical national infrastructure. Countries such as Iran, Russia, China and North Korea are reputedly active in this area. A more typical adversary would be a cyber criminal in quadrant one, randomly selecting targets based on unpatched system vulnerabilities or even an opportunistic amateur in quadrant four casually scanning the internet for victims.
Financial or moral?
The right-hand quadrant shows the different motivations behind an attack. Cyber criminals are normally out for financial gain and as much money as they can make. But in a crypto-jacking attack, you are not the ultimate target and the harm may be mild. Rather, your spare system capacity has been hijacked to use for another purpose. Also, the motivation for the attack may not be financial at all but driven by moral concerns instead. When Sony Pictures was hacked in 2014, some 170,000 confidential emails were posted on Wikileaks containing many embarrassing disclosures. The aim of the attack was to shame the senior executives in the company and expose their hypocrisy. Ethically motivated hackers - known as hacktivists – are less interested in financial gain and more driven by their political orientation or personal beliefs.
